Unless we end up getting some kind of a bootrom exploit, or some other "miracle" hack comes about, downgrading to 2.1 will remain the only realistic option to get the OTP, and @d0k3's tools have proven time and again to be safe. As long as you can follow directions, the entire process is about as safe as it can possibly be, especially now since Hourglass9 is out, which should remove a lot of human error from the NAND restoration parts.

I've done two installs of A9LH in recent days. It's safe, but read the guide thoroughly, follow the guide exactly, take it slow, and if you're unsure of anything, ask for help somewhere. Don't assume anything.

Oh, don't worry, it's a technical detail that won't affect common users/developers and most likely not even bootrom researchers; but when you make consoles by the tens of thousands, a fixed rom + a small prom is cheaper and more reliable than a larger prom!

Do you know if anyone has looked at applying Tempesthax to the 3DS? I know it has already been applied to several different kinds of encryption software on both the iPhone and Android to extract ECDSA keys.

I don't fully understand what they're doing there, but it says this:

fully extract decryption keys, by measuring the laptop's electromagnetic emanations during decryption of a chosen ciphertext

Wouldn't that mean we would need to know the encryption/decryption key used to protect OTP in order to have any hope of discovering it using the method? Also, the equipment needed is so specialised, whereas currently OTP can be captured using a relatively safe method.

No, the whole point of what they did is to extract the keys. Known/chosen plaintext means that you know (or can control) what is being encrypted or decrypted. Also, the point of using something like that would be to get the Bootrom keys or other keys we don't have, not OTP. You know, like the ones that would be needed to install CIA files or system titles directly, which would allow downgrading to any firmware via hardmod. Or decrypting games without the need for a 3DS and decrypt9.

I see. But still, wouldn't those keys be per-console, and hence the same elaborate process would be needed to capture them each time?